From: Casey Schaufler <casey@schaufler-ca.com>
To: "Serge E. Hallyn" <serue@us.ibm.com>, charles.kirsch@internet.lu
Cc: serue@us.ibm.com, Andrew Morgan <morgan@kernel.org>,
lkml <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org,
Gerald Combs <gerald@wireshark.org>,
Gilbert Ramirez <gram@alumni.rice.edu>,
Guy Harris <guy@alum.mit.edu>
Subject: Re: Possible problem in linux file posix capabilities
Date: Sun, 17 Feb 2008 21:17:25 -0800 (PST) [thread overview]
Message-ID: <728865.70879.qm@web36611.mail.mud.yahoo.com> (raw)
In-Reply-To: <20080217224851.GA9168@sergelap.austin.ibm.com>
--- "Serge E. Hallyn" <serue@us.ibm.com> wrote:
> ....
>
> Two quick fixes for you right now (apart from the one you've already
> got :) would be
>
> 1. give wireshark cap_kill, by doing something like
>
> capset cap_kill=ep /bin/wireshark
>
> 2. compile a kernel with SECURITY_FILE_CAPABILITIES=n
>
> Andrew, this pretty much was bound to happen... we need to figure out
> what our approach here should be. My preference is still to allow
> signals when p->uid==current->uid so long as !SECURE_NOROOT. Then as
> people start using secure_noroot process trees they at least must know
> what they're asking for.
>
> An alternative stance is to accept these things as they come up and try
> to quickly work with the authors of such programs to work around it. I
> suppose in a security sense that's the superior way :) But it also
> seems likely to lead to most people choosing option 2 above and not
> bothering to fix the problem.
I probably just missed it when it went by, but do you have some
test cases for file capabilities lying about that I might use?
Thank you.
Casey Schaufler
casey@schaufler-ca.com
next prev parent reply other threads:[~2008-02-18 5:17 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-17 22:48 Possible problem in linux file posix capabilities Serge E. Hallyn
2008-02-18 1:20 ` Andrew G. Morgan
2008-02-18 1:39 ` Serge E. Hallyn
2008-02-18 1:55 ` Andrew G. Morgan
2008-02-18 5:17 ` Casey Schaufler [this message]
2008-02-18 13:44 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=728865.70879.qm@web36611.mail.mud.yahoo.com \
--to=casey@schaufler-ca.com \
--cc=charles.kirsch@internet.lu \
--cc=gerald@wireshark.org \
--cc=gram@alumni.rice.edu \
--cc=guy@alum.mit.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.